Firewall rules not working, connector offline, extra rule for ssh -> With Hetzner and UFW

I have a Hetzner Cloud VPS server. On the Hetzner server I run a Hetzner Firewall with the following rules:


And my server is running iptables with the frontend UFW with the following rules:

Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
80/tcp                     ALLOW IN    Anywhere
443/tcp                    ALLOW IN    Anywhere
1373/tcp                   ALLOW IN    Anywhere

My problem now is that if I change all outgoing traffic to deny, my connector goes offline (even with the outgoing rules for 443, 30000-31000 and UDP any); the connector just loses the connection. Why?
The second thing I don’t understand is why I need to open my SSH port in UFW to access my server via privateIP:sshport (my ssh port is on 1373, due to some restrictions). Why does there need to be an incoming rule for my ssh port in my ufw? Because it wasn’t the case a week ago (ssh worked without the incoming rule).

Just to clarify, when you change the default outgoing rule to deny via ufw/iptables, have you also added ALLOW OUT rules for TCP 80,443,30000-310000 and UDP any?

Can you please provide a screenshot of sudo ufw status so I can see the complete output with the outgoing traffic set to deny.

Regarding the SSH port - are you saying you have the private IP of your connector machine set as a Twingate resource, and you can’t SSH into it unless you add the ufw rule?

Yes, exactly. First I add the outbound rules and then I set the allow out to deny. And then my connector gets disconnected and I cannot connect anymore (except when I have multiple servers in the same network with one connector each).


Yes, correct. I cannot connect via privateIP:1373 over SSH without the rule in my UFW, but I do not need to add that inbound rule with the Hetzner firewall because then it would work with the public IP, which I do not want. In the screenshot above you can see that it always worked without a rule for SSH in Hetzner and in UFW, but since last week this has changed and now without the inbound rule in UFW, SSH over the private IP does not work (I have had no update for a while, so it can't be because of an update).

Any updates on this?
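As an added example (not from this thread or from Twingate), here is a UFW rule set covering both questions above: outgoing traffic denied by default with the connector's stated outbound needs (TCP 443, TCP 30000-31000, any UDP) allowed, and SSH on port 1373 admitted only from the private network instead of from Anywhere. The private subnet 10.0.0.0/16 is an assumption; adjust it to your Hetzner network. By default the script only prints the `ufw` commands; pass `--apply` to run them.

```shell
# Added example: UFW rules for a connector host with outgoing denied by default.
# PRIVATE_NET is an assumed value; replace it with your Hetzner private subnet.
PRIVATE_NET="${PRIVATE_NET:-10.0.0.0/16}"
SSH_PORT=1373
DRY_RUN="${DRY_RUN:-1}"   # non-empty: print commands only; empty: call ufw

# Run a ufw command, or print it when in dry-run mode.
run() {
  if [ -n "$DRY_RUN" ]; then printf '%s\n' "ufw $*"; else ufw "$@"; fi
}

configure_ufw() {
  run default deny incoming
  run default deny outgoing
  # Outbound needs listed in the thread: TCP 443, TCP 30000-31000, any UDP.
  # ufw writes port ranges with a colon, not a dash.
  run allow out 443/tcp
  run allow out 30000:31000/tcp
  run allow out proto udp to any
  # Public services exposed on the host, as in the posted ufw status.
  run allow in 80/tcp
  run allow in 443/tcp
  # SSH on 1373 only from the private network; the public IP is not admitted.
  run allow in from "$PRIVATE_NET" to any port "$SSH_PORT" proto tcp
}

# Emit the rule list without touching the firewall (used for review/testing).
rules() { DRY_RUN=1 configure_ufw; }

if [ "${1:-}" = "--apply" ]; then DRY_RUN="" configure_ufw; fi
```

Review the output of `rules` first; with the default deny outgoing rule in place, anything the host needs beyond these ports (package mirrors, time sync over TCP, etc.) must be allowed explicitly too.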